Lucene search
K

12347 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 8:26 p.m.6 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS5.8AI score0.00451EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/19 7:35 p.m.13 views

EUVD-2026-36542

parse-server: Relation $relatedTo query bypasses protectedFields and owning-object ACL...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 7:35 p.m.17 views

EUVD-2026-36540

parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...

5.9CVSS5.8AI score0.00251EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in imagemagick

ImageMagick versions before 6.9.11-40 and 7.x before 7.0.10-40 mishandle the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized, allowing additional shell commands to be injected through...

7.8CVSS6.8AI score0.07508EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Handle protected guests properly in completehypercallexit Use is64bithypercall instead of is64bitmode to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g., SEV-ES and SEV-SN...

5.5CVSS6.3AI score0.00203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in HAPProxy

A issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. A HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, as in t...

5.3CVSS6.1AI score0.0177EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.7 views

Siemens RuggedCom Rox Use of Weak Hash (CVE-2025-3576)

A vulnerability in the MIT Kerberos implementation allows GSSAPI- protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This m...

5.9CVSS6.7AI score0.00276EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/17 6:36 p.m.12 views

Cross-Origin Resource Sharing (CORS) Misconfiguration

hono is vulnerable to Cross-Origin Resource Sharing CORS Misconfiguration. The vulnerability is due to reflecting arbitrary Origin headers while allowing credentials when no explicit origin is configured, which allows an attacker-controlled website to make authenticated cross-origin requests and...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.8 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS5.4AI score0.00451EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/16 2:9 p.m.9 views

Directory Traversal

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serve-static method on Windows hosts when an encoded backslash %5C in the request path is decoded to , which is treated as a separator by the Windows path...

8.7CVSS6.5AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 12:40 p.m.5 views

BIT-PARSE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting client by...

6.9CVSS5.4AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 12:40 p.m.3 views

BIT-PARSE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPasswo...

5.9CVSS5.3AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 2:16 a.m.13 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/16 12:49 a.m.2 views

CVE-2026-42014

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS5.8AI score0.0015EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/16 12:49 a.m.40 views

CVE-2026-42014 Gnutls: gnutls: use-after-free in gnutls_pkcs11_token_set_pin

A flaw was found in GnuTLS. The gnutlspkcs11tokensetpin function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path...

6.6CVSS0.0015EPSS
Exploits0References15
CVE
CVE
added 2026/06/16 12:49 a.m.23 views

CVE-2026-42014

GnuTLS vulnerability CVE-2026-42014 fixes a use-after-free in gnutls_pkcs11_token_set_pin when changing the Security Officer PIN with a NULL old PIN on tokens lacking a protected authentication path. The connected advisories (SUSE SUSE-SU-2026:2115-1, OSV entries, and Red Hat Oracle/Rocky advisor...

6.6CVSS5.2AI score0.0015EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50152

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description A Host-header parsing flaw in the LiteLLM proxy allows unauthenticated access to protected management routes. The authentication layer derives the effective route from request.url.path in the get...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.7 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00939EPSS
Exploits0References5
Redos
Redos
added 2026/06/15 12:0 a.m.5 views

ROS-20260615-73-0043

The vulnerabilities of the functions kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA in the FreeRDP client are related to a memory reclamation error. Exploiting these vulnerabilities could allow an attacker to compromise the accessibility of protected information...

5.3CVSS5.5AI score0.00282EPSS
Exploits0
Redos
Redos
added 2026/06/15 12:0 a.m.6 views

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8CVSS8.3AI score0.00587EPSS
Exploits1
Rows per page
Query Builder